Over the last few years, Professor Spafford's work in information security and public policy, as well as his lecturing style, have resulted in requests for him to provide testimony before various Congressional committees and to advise agencies in the Executive Branch. This page contains links to those sessions and testimony, in reverse chronological order within governmental unit.

If you are going to be providing your own testimony, you might find this advice helpful.

Congress

4 May 2011, 112th Congress

Testimony on behalf of USACM before the House Subcommittee on Commerce, Manufacturing and Trade, Committee on Energy and Commerce Hearing on "The Threat of Data Theft to American Consumers."

Subsequent to the hearing, I was asked three questions for the record. These were my responses.

6 May 2008, 110th Congress

Testimony on behalf of USACM before the House Subcommittee on Social Security, Committee on Ways and Means Hearing on "Employment Eligibility Verification Systems and the Potential Impacts on the Social Security Administration's (SSA's) Ability to Serve Retirees, People with Disabilities, and Workers."

22 June, 2006, 109th Congress

This is testimony before the House Veterans' Affairs Committee on the topic of "Oversight Hearing on the Academic and Legal Implications of VA's Data Loss."

27 October, 2005, 109th Congress

This is testimony before the House Armed Services Committee. The topic is on "Cyber Security, Information Assurance and Information Superiority."

17 September 2003, 108th Congress

This was testimony before the House Government Reform Committee Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. The topic was on certification of software, and the role it should play in governmental acquisitions.

24 July 2003, 108th Congress

Testimony before the House Armed Services Committee Subcommittee on Terrorism, Unconventional Threats and Capabilities. My testimony was on Cyber Terrorism: The New Asymmetric Threat.

10 October 2001, 107th Congress

This was testimony before the House Science Committee. The topic was Cyber Security — How Can We Protect American Computer Networks From Attack? My testimony and the official House transcript are available online.

11 February 1997, 105th Congress

This was testimony before the House Science Committee. The hearing was on Secure Communications, and my testimony was entitled One View of a Critical National Need: Support for Information Security Education and Research. My written testimony is available in both HTML and PDF.

Spaf serves on the GAO's Executive Council on Information Management and Technology (ECMIT). This committee of experts advises GAO management on upcoming trends and issues, concerns about IT issues, and other items to assist GAO in its duties of ensuring accountability of government.

Executive Branch

PITAC

Spaf was as a member of the President's Information Technology Advisory Committee (PITAC) for 2003-2005. They looked at issues related to health care informatics, funding for basic cybersecurity research, and Federal support for supercomputing.

February 2000, 42nd President

As a result of a significant distributed denial of service attack (DDOS), I was one of a group of people invited to the White House to meet with President Clinton. Afterwards, I wrote an account of that meeting that was reprinted in several venues. It is also available here.

Spaf was a member of the the Air Force Scientific Advisory Board in 1999-2003. This group provides expert scientific advice to the Chief of Staff of the Air Force regarding current and future technology issues. During his time on the AFSAB, Spaf participated in studies on next-generation database systems, on asymmetric terrorist threats, and he chaired a review of part of the Air Force Research Laboratory. For his service, he was awarded an Air Force medal for "Meritorious Civilian Service."

He returned to the Board as a consultant/advisor for studies conducted in 2007 and 2008.

Spaf was member of the national steering committee of the FBI's Regional Computer Forensics Laboratories (RCFL) program from 2003-2006. The RCFLs are equipped with the latest forensic equipement and trained personnel to help investigate information crimes and the use of computers in traditional crimes.

Spaf spent the 2003-2004 academic year at the National Science Foundation as a senior advisor to the Assistant Director of CISE, Dr. Peter Freeman. In this role he assisted in formulating general plans for programs such as the Cyber Trust solicitation, and increasing awareness of the interdisciplinary aspects of cyber security, privacy and forensics.